wireless security and electrosmog blog

There’s an interesting article on GPS in the New Scientist this week – issue 12th March 2011, page 44.

The crux of the article is this: while we’re all using GPS in smartphones & TomToms to find out where we are, it’s also being used in lots of mission-critical infrastructure hardware these days to get accurate atomic clock time & date stamps. Some of these other uses: GSM cell towers synchronising their clocks, signing stock market financial transactions, bank ATM timestamps, the United States power grid syncing 5000 suppliers, and the GPS-based landing systems some airports use to assist in poor visibility. In the future the US Federal Railroad Administration plans to rely on GPS for smart management of rail traffic. GPS is also used to locate cars, boats & cargo.

Jammers for GPS are now being manufactured in large numbers in Chinese factories, and can be bought over the internet using PayPal direct from the Far East – along with jammers for every other radio system you can imagine – just Google it. Like all these other jammers, they are illegal to use. So who uses them? They are used by truckers to hide from their snooping bosses, by criminals who steal cars with trackers fitted, and by people who want to avoid some GPS-enabled road toll systems.

The problem is that GPS signals are derived from satellites in space that only transmit on low power. If you turn on a GPS jammer you not only block your own device, but also all GPS devices for hundreds of metres around you. The article mentions a trucker who used to drive past Newark Liberty International Airport, and his jammer shut down their new GPS-assisted landing system, sometimes twice a day. It took them several months to discover the trucker in question.

Potentially far worse though, it’s also possible to spoof a GPS system, making it think it’s somewhere it isn’t. It’s also theoretically possible to spoof the atomic clock timings that stockbrokers and ATMs depend upon. If you could manipulate the time-stamp on stock market buy & sell orders you could make millions. Professor Todd Humphreys at the University of Texas has done a lot of research into GPS spoofing.

GPS is one of the few systems that security researchers armed with USRP software radios have yet to turn their attention to. The USRP radio peripheral can be made to mimic almost any radio system. So far they’ve gone after Bluetooth, WiFi, DECT & GSM. This year they’ve started a project to build a fully functioning TETRA radio (albeit without the encryption the Police use). GPS is a logical next target for man-in-the-middle spoofing attacks using USRP & other custom transceivers.

The article goes on to mention the development of eLORAN, a ground-based, GPS-type navigation system that can use higher power transmitters to overcome some of GPS’s limitations. Also, as atomic clocks become cheaper, any appliance will be able to figure out where it is (relative to a known starting point) using just digital compasses, accelerometers & gyroscopes. In fact, some of these sensors are already in iPhone & Android smartphones.

Another possible way of knowing if your GPS is being spoofed is to cross-reference it against a second technology. This could be the WiFi router MAC address database that Google compiled while mapping our roads for Street View, which is useful on smartphones that have GPS & WiFi built in. Or you could make a database of all the cellphone sites in the UK using a laptop running OsmocomBB Cell_Log, a £10 Motorola C115 phone & a GPS receiver. Accuracy is good to 100 metres, and any cellphone that can issue a RACH request can use the answers to locate itself from the Timing Advance value returned from multiple cell sites, though this would be useful on a laptop only. I think Holland may have produced a similar map already.
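The cross-check described above, sketched as an added example (not code from the original post or the New Scientist article): it tests whether a reported GPS fix is consistent with the Timing Advance rings around known cell sites. The cell database, coordinates, observations and thresholds are constructed for illustration, and one GSM Timing Advance step is taken as roughly 553.5 m of range.

```python
import math

TA_STEP_M = 553.5      # one GSM Timing Advance step is ~553.5 m of one-way range
EARTH_R_M = 6371000.0  # mean Earth radius

# Constructed sample database: cell id -> (lat, lon) of the mast. Not real sites.
CELL_DB = {
    "cell-A": (51.5000, -0.1200),
    "cell-B": (51.5100, -0.1000),
    "cell-C": (51.4950, -0.0900),
}

def haversine_m(p, q):
    """Great-circle distance in metres between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*p, *q))
    a = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_R_M * math.asin(math.sqrt(a))

def check_fix(gps_fix, observations, slack_m=300.0, min_sites=2):
    """Compare a GPS fix with (cell_id, timing_advance) observations.
    Returns (verdict, details); verdict is 'consistent', 'suspect' or 'unknown'."""
    details = []
    for cell_id, ta in observations:
        if cell_id not in CELL_DB:      # site not surveyed: cannot be used as evidence
            continue
        d = haversine_m(gps_fix, CELL_DB[cell_id])
        lo, hi = ta * TA_STEP_M, (ta + 1) * TA_STEP_M   # ring implied by this TA value
        ok = lo - slack_m <= d <= hi + slack_m
        details.append((cell_id, round(d), ok))
    if len(details) < min_sites:        # too little independent evidence to judge
        return "unknown", details
    bad = sum(1 for _, _, ok in details if not ok)
    return ("suspect" if bad > len(details) / 2 else "consistent"), details

# Constructed observations, as a handset near (51.5030, -0.1050) would see them.
OBS = [("cell-A", 1), ("cell-B", 1), ("cell-C", 2)]
GENUINE_FIX = (51.5030, -0.1050)
SPOOFED_FIX = (51.6000, -0.1050)   # the same receiver reporting a fix ~11 km north

if __name__ == "__main__":
    print(check_fix(GENUINE_FIX, OBS))
    print(check_fix(SPOOFED_FIX, OBS))
```

A "suspect" verdict only says the two sources disagree; it does not say which one is wrong, so it is best treated as a trigger to stop trusting the GPS time and position until a third source is checked.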

Ettus Research, the maker of the USRP, announced on February 14th their own GPSDO add-on board ($750 each) for the USRP N200/N210. This will allow USRP radios at different sites to sync with each other accurately, just like the aforementioned cell towers do.